📄 Tutor LMS 2.6.2 Missing Authorization / Privilege Escalation

Proof of concept for a missing authorization vulnerability in the Tutor LMS WordPress plugin versions 2.6.2 and below. ============================================================================================================================================= | Title : Tutor LMS 2.6.2 Missing...

CVE-2020-36976 Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path

Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Acer\Registration\ to inject malicious executables...

EUVD-2020-30873

Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Acer\Registration\ to inject malicious executables...

RHEL 8 / 9 : Satellite 6.16.5.5 Async Update (Important) (RHSA-2025:19855)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19855 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

EUVD-2025-29540

Malicious code in bioql PyPI...

CVE-2025-10015 TCC Bypass via Downloader XPC Service in Sparkle

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...

Global Registration Service 1.0.0.3 - (GREGsvc.exe) Unquoted Service Path Vulnerability

Exploit Title: Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.0.0.3 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step to...

Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path

Exploit Title: Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2020-11-26 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.0.0.3 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Ho...